Posts by Gary Bickford

Re: With Oracle?

"While I don't mind Larry, I certainly do not want to put money into his sailing expeditions."

Actually for me that's the only thing he does that I _would_ support! :)

Re: Pint due.

> But political nuts that insist on turning any thread into political shit make me wish you could legally shoot them on sight.

To paraphrase, "If it's politician season, why can't we shoot them?" :D

Re: ENOUGH!

> I'm not smart enough to figure out a solution (and there may not be one), but it seems to me that something should be possible.

What I'd _like_ to suggest but is actually a bad idea would be when one of these hijacked devices is identified, that the victim server could be allowed to route back to the offending device, and reset it, erasing the bogus code and setting a new random password. Then the device would still run, but the owner would be locked out of the admin interface until they reset to factory specs again (and hopefully set the user /pass to something different). Needless to say, this is a bad idea.

But either from class action litigation liability forcing a recall, and/or legislation, requiring every device to have a different factory reset password and defaulting to not allow admin access from the WAN side would solve most of these problems. And I suspect you will see ISP / cable providers taking an active role and blocking devices that they determine are susceptible. They could do thus with a quick login test when a device is first seen by their routers by detecting the device type and trying the default login. If it wirks, they block traffic from that device (or port, if on a local NAT setup.)

Re: WTF

Reagan had little to do with it. I was there. At the time the USPTO was so many years behind that entire product lifecycles were going by before the original patent got reviewed. (Also, no software patents, as software was based on algorithms and algorithms were math, and math could not be invented, only discovered as a fact of life. Until 1986. But that's another story.) So everybody - Congress, the President, business, etc. were whining out loud about the situation.

My company actually was working with another company to bid on the PTO's RFP for a system to scan and OCR all the existing patents and put them into a searchable online system. This would allow examiners and others to search existing patents more quickly. We ended up not bidding because of some rules for the bid, notably we could be awarded the bid, spend a couple of million on implementation, then the gov could cancel the contract and pay nothing. That was too much risk.

So the decision was made to change the rules, and allow the USPTO to default to 'award' unless they found pretty much obviously prior art in the patent office itself (not outside), and leave it to the patent applicant to defend the patent. This was widely hailed as a big step forward at the time, as it would (and actually did) cut the backlog from six to 10 years down to a year or two. But this was before software patents, widespread gaming via trivial patents and the art of patent trolling. Trivial patents have always been with us, but had not been such a serious problem, and patent trolls didn't really exist yet - a lot of this was the unintended consequence of the new rules _combined with_ the explosion of computers, making it easy both to generate new patents and search for potential victims. It's taken a while, but IMHO we are finally tweaking the new system in ways that are bringing the system back into sanity.

Re: Giving up on space

I wouldn't be too glum. The news, which is generally written from the perspective of the great unwashed, doesn't give a good picture of what's really going on. For starters, while NASA's budget is "only" about $15 billion (that's bigger than Hollywood), the US military space program is something over $20 billion. And while all global government space programs together are about $70 billion, that's dwarfed by the money flowing through commercial space - about $250 billion. That's mostly the commsat market of course, but still.

Meanwhile, the growth of commercial and private space activity is beginning to look very encouraging. I've only really been following closely since 2011, but in that time this area has blossomed, with ever-increasing activity, quality, successes, and business. The launch cost structure defined by SpaceX is 1/2 of the old days, and is well on its way to dropping by another 1/3 to 1/2 if/when the reusable first stage becomes the norm. This is forcing ULA for example to completely restructure their company to compete with SpaceX.

The big thing about all this is that as costs to get into space ("LEO is 1/2 way to everywhere") are reduced, the potential launch market goes up geometrically. At 1/2 the cost the market is probably at least 4 times as large. This in turn will drive higher production volumes, reducing costs further and improving reliability and dependability in the process. We are transitioning from the hand-built Hupmobile to the factory-automated Model T.

In the meantime, the technology is advancing on all fronts. That is the less well known factor of the SpaceX success - they were able to build a 'clean sheet' design for everything, using the latest in rocket technology and materials. For instance the $5 million turbo pump was replaced with a $500,000 turbo pump built in-house. There are a dozen advanced ion propulsion systems, and even some work on exotic physics. There are IIRC two companies working on new nuclear thermal rockets. (A minor aside re nanotechnology - check out NanoRAM, which is presently in use in several USAF satellites.)

Not to go on too long, but all this is trending toward an impending explosion in all aspects of space.

Unfortunately the discoverers of this old data won't have the key.

I've been doing some work for the Drive Trust Alliance (http://drivetrust.com), so I'm tuned to the Full Disk Encryption / Self Encrypting Drive technology. By the end of 2017 nearly all storage will be using it.

So now I foresee a distant future when , after the collapse of human civilization, our successors, having risen to sentience and culture and having a robust archaeological science, discover this trove of human data in the Lunar Long Term Data Repository that we kindly left for future generations.

Unfortunately, all the data is encrypted, and the key is lost. Or there's a typo in the docs.

Thus speaks to a fundamental problem - such a data trove undoubtedly must contain secrets that should not be available to just anyone. But how to assure that the data is truly available in the distant future?

Re: Security

Actually their profit wasn't that great. Their problem is that their _cost_ is more than $83 million.

Re: Except for the fact that Doohan was Canadian?

A True Scot

Re: Meanwhile, at the Pork Barrel Bar..

A weird, slightly relevant example or analogy. Back in the 1990s, General Motors could go from a blank sheet of paper to a new engine design coming off the assembly line in under a year. But it took two to three years to design a new headlight or taillight and get it into production.

Re: Does it really save that much?

I used to tell my daughter that not raising the thermostat two degrees would save enough money to buy her a new sweater every month! :D She was not impressed though.

Re: It could always be worse.

There are those who say, (and I tend to agree) that this is exactly why exception handlers are the devil's spawn, combining the worst elements of gotos and segfaults! Yes, they _can_ be used, carefully, in such a case - but you are leaving all context behind, eliminating any possibility of maintaining state except by manual labor. There was an essay ... in fact there have been several:

http://www.lighterra.com/papers/exceptionsharmful/

> "Exception handling introduces a hidden, "out-of-band" control-flow possibility at essentially every line of code. Such a hidden control transfer possibility is all too easy for programmers to overlook – even experts. When such an oversight occurs, and an exception is then thrown, program state can quickly become corrupt, inconsistent and/or difficult to predict (think about an exception unexpectedly being thrown part way through modifying a large data structure, for example)."

> "Exception handling does not fit well with most of the highly parallel programming models currently in use or being explored (fork/join, thread pools and task queues, the CSP/actor model etc), because exception handling essentially advocates a kind of single-threaded "rollback" approach to error handling, where the path of execution – implicitly a single path – is traversed in reverse by unwinding the call stack to find the appropriate error handling code."

http://www.joelonsoftware.com/items/2003/10/13.html

> "The reasoning is that I consider exceptions to be no better than "goto's", considered harmful since the 1960s, in that they create an abrupt jump from one point of code to another. In fact they are significantly worse than goto's:"

http://blogs.msdn.com/b/dennisg/archive/2012/04/28/exceptions-considered-harmful.aspx

> "The doctrine of object-oriented programming dictates that exceptions are the mechanism of choice to raise (and, possibly, handle) severe error conditions that cannot be safely ignored by the client code. Let me just take a step back to explain why I think exceptions are all but inappropriate in most situations by definition."

Re: I wonder...

I suggest you read up on a bit of history. Start with the two Barbary Coast Wars (when the Sultan of Tunisia told Jefferson, "according to Holy Kuran we are mandated to kill all infidels. It is only because we are merciful that we only hold them hostage" - that is when the Marines were created, and why the song has the "Shores of Tripoli" in it).

The Middle East has been destabilized almost continuously for many reasons and by many different forces since roughly 650 AD.

See also, hmm, let's see ... just for starters: Crimean War, the Great Game (including the Uighurs and Yajub Beg), Hasan Bin Sabbah and the Hashishins (great name for a band ...), the defeat of Alexandria by the Romans (where they salted the fields of North Africa, eliminating the Alexandrians' ability to grow crops and attain a competitive level of power ever again), the millennia of war between the Greeks, Turks and Persians, dating to 1000 BC (see Xenophon, etc.). And the

Oh - and it was the British who were largely in charge of the Middle East in the 19th and early 20th century, who divided the area up into countries that did not match the traditional tribal boundaries, and told the Palestinians and Israelits contradictory things.

You have about five years of study about the real history before you stick your toe into this swamp.

Re: We've all seen House of Cards

I think there will be an investigation, and it will have an effect. IMHO it's unlikely that anyone at USAF actually went outside the bounds of ethics, but it's quite common for government agencies to 'tilt' the RFQs one way or another to make it easier for a preferred provider to win. And in this case, USAF sees on one hand, ULA's perfect military launch record with the most recent version of a rocket design that has been around for 50 plus years, and on the other hand, an upstart company with zero military launches, with a rocket that has started well but hasn't been perfect, that has little experience doing things the USAF way (which could mean they mistakenly left out a crucial cost item, or even just underestimated the additional labor and other costs inherent in delivering under a military contract.)

So a combination of preferring to work with known quantities, with people who you are used to working with, and with an RFQ that is tuned a bit toward a ULA vehicle, doesn't amount to anything more unethical than tuning a fleet contract more toward Ford than to Tesla.

I think the main thrust of the investigation will be whether ULA has been highballing their costs above what they should have been all this time. One thing the government really hates is paying more for something than a commercial entity. IIRC it's actually a federal crime to charge the feds more for the same package as anyone else - they are entitled to the same discount as your best customer by law. They can at least come after you for a refund later.

bit locker is old hat - self encrypting drives are already here

Bitlocker is about "data at rest", while homomorphic encryption is about data in process and SSL (for example) is about data in transit. At present nearly all server class hard drives are self encryping, and most consumer drives though it may not say so on the label. I am told that by the end of this year nearly all HDs and SSDS of all types wi) be. All Apple products have been for years. What's been missing is a standardized library, which now exists (OPAL) and a widely accepted API and user/OS interface, which is now in the process of being accepted - see the Drive Trust Alliance (http://drivetrust.org iirc)

An SED drive keeps all the data encrypted all the time using an internally generated 256 bit key. Another set of keys - passwords - can be set externally. Resetting the drive's internal key effectively erases the drive as brute force decryption would require millions of dollars worth of cpu time at present.

Re: Would you like another dimension with that, sir!

This reminds me if an old SF story, where a scientist announces hechas found the equation that determines the entire universe. When he presents it on a chalkboard, one if his colleagues shoutts out, "You are incorrect! You have inverted a sign at step 14!"

Sadly, the scientist begins to erase his work. And as he does so, the Universe disappears.

EVERYTHING's syntax is easier than Perl's ...

Except maybe APL ... or Brainfuck. Actually in both cases its not the syntax per se. ;)

Re: FAA

I could just as easily argue the opposite - the excessive cost and delay involved in FAA (and FCC) approval has resulted in many newer advancements not being available, or too expensive to bring to market, or too expensive for normal people to buy. Case in point - 30 years ago $2500 aircraft radios had terrible sound quality and not very good reception or reliability compared with $100 CB radios, largely because the amortised cost of approvals by both agencies when even one resistor was changed on the circuit worked out to over $1000 (1980 dollars) per unit - after development costs. From what I've read even today much or most aircraft equipment is using seriously old technology for the same reason.

In truth, there is a happy medium somewhere.

Re: Mainly a public sector issue

I'm not sure, but if an encrypted copy were sent to another jurisdiction (e.g. USA), but the keys were never sent out, that might provide backup with reasonably secure privacy. It would have to be sent back to EU before decryption, slowing things down a bit, but small price. The USA copy could be safely 'disclosed' in its encrypted form without violating privacy. Of course it would be necessary to use multiple keys, at least one for each small unit of data like a file.

It would also be useful to store the encrypted data on drives with Full Disk Encryption, with the disk key(s) also stored in a special system outside the jurisdiction. The US Fifth Amendment actually protects against forcing a person from disclosing a password to an FDE drive, _if_ the person has never written it down or disclosed it to anyone (verbally, email, whatever). The court case regarding a corporate person's privacy and what constitutes disclosure if the data is on a special server would be interesting.

Re: Look at what they are actually measuring.

Indeed. It was proved back in the 1980s that black box testing can never (*) find more than about 30% of the bugs that exist.

(*) probabilistically speaking

Re: Bad Old Days

Your point about the 'sacred Moon' is actually something I, as an advocate of space development (see http://thespaceplan.com), am worried about. There is already a small but vocal cadre who say either that all of space should be left 'pure' for scientific research, or that it should be off limits to the 'evil humans who pollute everything". I am fairly confident that a significant attempt will be made to block all attempts at commercial or other non-governmental space activity, including habitation. I could see this both on the US and Euro stages, and in the UN.

Lots of poor lawyers

Actually yes, there are a lot of poor lawyers. Like rock bands, a few make the headlines, most of them toil away in the legal equivalent of neighborhood bars. I read several years ago that at that time the average pay of sysadmins was about $65K, and of lawyers about $61K. I think this is because a large fraction of lawyers spend their days doing legal research for big enterprises, another large fraction work defending (or prosecuting) low level defendants. These latter don't get paid to sit around and wait for clients. I've been to the offices of independent lawyers defending DUI clients (not me) - they tend to have offices near the courthouse in very cheap office space with very used furniture.

Re: Ha, ha, ha

It's important to distinguish subsidies from purchases. SpaceX has not to my knowledge done any cost-plus contracts with NASA or any other gov't agency. But NASA does buy stuff from them, including paying for launches. I expect, but don't know, that NASA may also be paying for additional development costs for features that SpaceX wouldn't otherwise have any use for. That's also not a 'subsidy' but payment for product or service.

Recognize that their fixed price (the catalog price is on their website) being less than 1/2 the price of of the 'old space' firms like ULA has caused ULA in particular to reorganize their entire company to reduce their operational costs so they can compete with SpaceX. This is resulting in huge savings for NASA (notwithstanding the lack of Congressional wisdom.)

Several tourists have paid the $20 million or so it costs to do a stint in LEO on the ISS. But AFAIK nobody has proposed a cost to go around the moon under $400 million, and while some Russian oligarchs and Arab sheiks have paid that much for their new yachts, you can use a yacht for more than a week. For national agencies, just riding in a capsule around the Moon doesn't have enough benefit to justify the cost. A couple of companies have come up with lower cost moon landing proposals - Golden Spike company comes to mind - pricing at $1.5 billion for two people to land, stay a week, and return. But there hasn't been much interest. I think it's just too early.